xF1 Released - XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam | NulledTeam UnderGround | The Best Scripts Site In The World
XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam

xF1 Released XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam 1.4.8

No permission to download
  • Read Our Rules

    Dont forget read our rules Nulled Team UnderGround Rules

  • You may not say thanks or replied bad language in a thread - Your reply will be removed and warning! You must be like us "overview" in the resource. You will be access to download in FREE SECTION ONLY! DO NOT PREMIUM SECTION! Is only upgrade to up account.
  • Please support our site and click on the advertised
  • Complete Installation Service

    Review Our XenForo Complete Installation Service
  • Multiple Accounts

    Dont forget we not allowed Multiple Accounts, so all of your accounts as well as your IP will ban

Today, we are releasing XenForo 1.4.8. This release addresses two potential security vulnerabilities and fixes a number of bugs found since the release of 1.4.7. We recommend that all customers running XenForo 1.4 upgrade to 1.4.8 or use the attached patch file as soon as possible.

The two security issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
  • In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves).
  • In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly, potentially triggering an XSS against the user viewing the page.
Thanks to Diego Palacios for reporting these two issues.

In addition, some of the bugs fixed in 1.4.8 include:
  • Improved performance in the rich text editor.
  • Fixed trophies not being awarded at session creation as expected.
  • Fix certain cases where the image proxy would unexpectedly fail to detect a valid image.
  • Support downloading attachments with UTF-8 file names in IE.
  • Ensure a more correct following count is shown when viewing a member's profile in some cases.
  • Throw an error when sending a warning and only one of the conversation title or message box has been completed.
  • Fix an incorrect permission check over viewing the moderator actions taken against a thread.
  • Fix incorrect logic relating to the DNSBL cache used at registration.
  • Prune drafts hourly rather than daily.
  • Fix a situation where the spam cleaner would not remove replies by a spammer to their own thread.
  • Ensure that there is no default text decoration on <abbr> tags in Firefox.
  • Use a new "simple" BB code formatter when creating snippets for RSS feeds to prevent unexpected code from running.
  • Update the bundled version of jQuery Migrate to 1.2.1.
  • Copying from the template preview in template modifications did not maintain line breaks in Firefox.
  • Fix an issue importing older attachments from SMF.
  • Fix an issue where the vBulletin importer could infinitely loop.
See the Resolved Bug Reports forum for further information.

The following template has had changes:
  • xenforo_reset.css
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes
First release
Last update
0.00 star(s) 0 ratings

More resources from Admin

Share this resource

AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock